[SOLVED] LXC unable to Access GPU by id mapping, error

[Aussi]

Hi all ,
hope you guys can help me out. I'm trying to give my LXC container the right access and permission with the help of id mapping.
But sadly enough I'm unable to get it to work and get an error when trying to run the LXC.

Error after apply idmapping in the .conf:

lxc.idmap: invalid map entry 'g 105 104 1': container gid 105 is also mapped by entry 'g 45 100045 61'
lxc_map_ids: 245 newgidmap failed to write mapping "newgidmap: write to gid_map failed: Invalid argument": newgidmap 13370 0 100000 44 44 44 1 45 100045 61 105 104 1 106 100106 65429
lxc_spawn: 1795 Failed to set up id mapping.
__lxc_start: 2114 Failed to spawn container "102"
TASK ERROR: startup for container '102' failed

On the host :

root@pve:~# ls -l /dev/dri
total 0
drwxr-xr-x 2 root root         80 Apr 14 12:13 by-path
crw-rw---- 1 root 100044 226,   0 Apr 14 12:13 card0
crw-rw-rw- 1 root 100105 226, 128 Apr 14 12:13 renderD128

group id on host:

root@pve:~# getent group video
video:x:44:
root@pve:~# getent group render
render:x:104:

In the LXC container:

root@docker:~# getent group video
video:x:44:root
root@docker:~# getent group render
render:x:105:root

so I modified /etc/subgid with the following

root:44:1
root:104:1

and added the following lines in the the LXC.conf :

lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 61
lxc.idmap: g 105 104 1
lxc.idmap: g 106 100106 65429

 

[leesteken]

Why not use the new way of doing this: dev0: /dev/dri/card0,gid=44,uid=0 and dev1: /dev/dri/renderD128,gid=105,uid=0. Then you don't need the lxc.... stuff.

 

[Aussi]

Oh that's awesome, I didn't know of this !

Will this also work for passing a USB ?

lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /lxc/102/devices/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file

 

[leesteken]

Will this also work for passing a USB ?

lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /lxc/102/devices/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file

Probably, but the location under /dev has to be the same and I don't understand where the /lxc/102/devices/ttyUSB0 comes from. I also don't know what the tty group is inside the container but maybe just try dev2: /dev/ttyUSB0,gid=0,uid=0? Better to use the correct group ID instead of gid=0.

 

[Aussi]

I used this trick https://monach.us/automation/connecting-zwave-stick-under-lxc/ to get the proper permissions passed through

but this line did the trick right away ! Wow this is very nice. dev2: /dev/ttyUSB0,gid=0,uid=0

I'm not sure how to get the correct group ID for the /dev/ttUSB0

 

[leesteken]

I'm not sure how to get the correct group ID for the /dev/ttUSB0

What user and group is shown when you do ls -l /dev/ttyUSB0 on the Proxmox host? Then find the ID of the user (probably root/0) and the ID of the group inside the container using getent group tty (replace tty with the actual group name found in the first step).

 

[Aussi]

crw-rw---- 1 root dialout 188, 0 Apr 14 15:03 /dev/ttyUSB0

So that would mean root is user and group is dailout, but getent group dailout
doesn't report any group ID back.

 

[leesteken]

crw-rw---- 1 root dialout 188, 0 Apr 14 15:03 /dev/ttyUSB0

So that would mean root is user and group is dailout, but getent group dailout
doesn't report any group ID back.

The group probably does not exist inside the container. You could create it yourself, but if you don't have users (other than root) inside the container that need accesses to the device then it's not necessary and you can just keep gid=0.

 

[Aussi]

Thanks for the clear explanation Leesteken=!

 

[metjeh]

lxc.idmap: u 0 100000 65536
lxc.idmap: g 0 100000 44
lxc.idmap: g 44 44 1
lxc.idmap: g 45 100045 61
lxc.idmap: g 105 104 1
lxc.idmap: g 106 100106 65429

Your mapping if slightly off, correct would be:

# lxc.idmap: u 0 100000 65536
# lxc.idmap: g 0 100000 44
# lxc.idmap: g 44 44 1
# lxc.idmap: g 45 100045 60
# lxc.idmap: g 105 104 1
# lxc.idmap: g 106 100106 65430

Getting these mappings right is a pain

Why not use the new way of doing this: dev0: /dev/dri/card0,gid=44,uid=0 and dev1: /dev/dri/renderD128,gid=105,uid=0. Then you don't need the lxc.... stuff.

THANK you - this is a much more elegant way of doing it!

 

[Aussi]

Your mapping if slightly off, correct would be:

# lxc.idmap: u 0 100000 65536
# lxc.idmap: g 0 100000 44
# lxc.idmap: g 44 44 1
# lxc.idmap: g 45 100045 60
# lxc.idmap: g 105 104 1
# lxc.idmap: g 106 100106 65430

Getting these mappings right is a pain



THANK you - this is a much more elegant way of doing it!

Yeah this is really great ! also when moving to another PVE you don't have to setup the subGID on the host before restoring the LXC